CVE-2006-1912
Published 2006-04-20
Priority P424 · medium · 5.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 1.60% (72.7th percentile)
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_workspace | — | — |
| mybulletinboard | mybulletinboard | — | — |
GHSA
GHSA-wv4h-rrpm-qxq9: MyBB (MyBulletinBoard) 1
ghsa_unreviewed · 2022-05-01 · CVE-2006-1912 [MEDIUM]
Citrix
Citrix Workspace app for Windows Security Update
vendor_citrix · 2020-09-08 · CVSS 8.8 · CVE-2020-8207 [HIGH]
of Problem
A vulnerability has been identified in the automatic update service of Citrix Workspace app for Windows that could result in:
- A local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows.
- A remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled.
The issue has the following identifier: CVE-2020-8207
This vulnerability affects the following supported versions of Citrix Workspace app for Windows:
- Citrix Workspace app 2002, 2006 and 2006.1 for Windows
- Citrix Workspace app 1912 LTSR for Windows (before CU1 Hotfix 1)
Note that this vulnerability was originally reported against a subset of the versions above. However,
Citrix
CVE-2020-8207: Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
vendor_citrix · 2020-07-24 · CVSS 8.8 · [HIGH] CWE-284
No detection rules found.
No writeups or analysis indexed.
References
http://community.mybboard.net/showthread.php?tid=8232
http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
http://secunia.com/advisories/19668
http://www.osvdb.org/24710
http://www.osvdb.org/24711
http://www.securityfocus.com/archive/1/431061/30/5580/threaded
http://www.vupen.com/english/advisories/2006/1381
https://exchange.xforce.ibmcloud.com/vulnerabilities/25865